-
Notifications
You must be signed in to change notification settings - Fork 81
Configuration Import Export

The Export-FalconConfig command gathers configurable items from your Falcon environment and exports them as a
ZIP archive. The following example will create a file called FalconConfig_<FileDate>.zip in your current
directory containing all the available configurations.
Export-FalconConfigNOTE: Users are not included in the export/import process because they are unique and can not be duplicated.
Similar to the regular command, a zip file will be created, but in this example it will only include HostGroup,
FirewallGroup (including Firewall Rules) and FirewallPolicy items.
Export-FalconConfig -Items HostGroup, FirewallGroup, FirewallPolicyUsing the Import-FalconConfig command, you can re-create any items that are present in the export but are not
present in your authenticated Falcon environment. Import-FalconConfig loads the files within the ZIP, checks
them against the existing items in the target environment, and creates any items that are not present.
Import-FalconConfig -Path .\FalconConfig_<FileDate>.zipNOTE: If you attempt to import an item that depends on another item and that dependency was not created, then the item itself will not be created.
For example, if you attempt to import a Machine Learning Exclusion that is assigned to the Host Group "Example
Group" and "Example Group" already exists in your environment, the exclusion will not be created. Including the
-Force parameter when running Import-FalconConfig will cause existing Host Groups to be used when they match
groups that would have been created as part of the import.
If it is possible to create the item without the dependency (like a policy without assigned Host Groups), it will still be created.
WARNING: Only non-existing items will be imported. No existing policies, groups, exclusions or rules will be modified.

- Using PSFalcon
-
Commands by Permission
- Actors (Falcon Intelligence)
- Alerts
- API integrations
- App Logs
- Assets
- CAO Hunting
- Case Templates
- Cases
- Channel File Control Settings
- Cloud Security API Assets
- Configuration Assessment
- Content Update Policies
- Correlation Rules
- CSPM registration
- Custom IOA rules
- Device Content
- Device control policies
- Event streams
- Falcon Complete Dashboards
- Falcon Container Image
- Falcon Data Replicator
- Falcon FileVantage
- Falcon FileVantage Content
- Firewall management
- Flight Control
- Host groups
- Host Migration
- Hosts
- Identity Protection Entities
- Identity Protection GraphQL
- Identity Protection Policy Rules
- Incidents
- Indicators (Falcon Intelligence)
- Installation tokens
- Installation token settings
- IOA Exclusions
- IOC Manager APIs
- IOCs
- IT Automation - Policies
- IT Automation - Task Executions
- IT Automation - Tasks
- IT Automation - User Groups
- Kubernetes Protection
- Machine Learning exclusions
- MalQuery
- Malware Families (Falcon Intelligence)
- Message Center
- Mobile Enrollment
- Monitoring rules (Falcon Intelligence Recon)
- NGSIEM
- NGSIEM Dashboards
- NGSIEM Lookup Files
- NGSIEM Parsers
- NGSIEM Saved Queries
- On demand scans (ODS)
- OverWatch Dashboard
- Prevention Policies
- Quarantined Files
- QuickScan Pro
- Real time response
- Real time response (admin)
- Reports (Falcon Intelligence)
- Response policies
- Rules (Falcon Intelligence)
- Sample uploads
- Sandbox (Falcon Intelligence)
- Scheduled Reports
- Sensor Download
- Sensor update policies
- Sensor Usage
- Sensor Visibility Exclusions
- Snapshot
- Snapshot Scanner Image Download
- Tailored Intelligence
- Threatgraph
- User management
- Vulnerabilities
- Vulnerabilities (Falcon Intelligence)
- Workflow
- Zero Trust Assessment
- Other Commands
- Examples
-
CrowdStrike SDKs
- FalconPy - Python 3
- goFalcon - Go
- Rusty Falcon - Rust